Security Implications of Quantum Computing Mean We Need to Vigorously Pursue Post-Quantum Cryptography
(SemiEngineering) The race is on to find and implement a public-key cryptographic algorithm that will stand up to the challenges posed by quantum computers.
For cryptography, we depend on the fact that classical digital computers would take hundreds or thousands of years to solve the “hard mathematical problems” at the foundation of the cryptographic algorithms which protect secret or personal data. For symmetric key cryptography such as AES, where both endpoints share a key ahead of time, the advent of quantum computing doesn’t change matters.
However, for public key cryptography, such as RSA and ECC (Elliptic-Curve Cryptography), quantum computing represents an existential threat. A fully developed quantum computer running Shor’s algorithm, a polynomial-time quantum algorithm for integer factorization, will be capable of cracking a 2048-bit RSA implementation in perhaps as little as a few days. Since so many secure applications depend on the scalability of public key cryptography, this is an extremely serious issue.
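To make the RSA point concrete, here is an added example (not from the article) of the classical scaffolding of Shor’s algorithm: factoring a modulus N reduces to finding the multiplicative order r of a random base a modulo N, and the quantum part of Shor’s algorithm only replaces the order-finding step. The order finder below is a brute-force loop, so it is exponential in the size of N and only works on toy moduli; the point is that once r is known, the remaining post-processing is cheap classical arithmetic.

```python
from math import gcd
from random import randrange


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by brute force.
    This loop is the exponential-cost step that Shor's quantum
    period finding replaces with a polynomial-time subroutine."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(n, a, r):
    """Classical post-processing of Shor: given the order r of a mod n,
    try to split n. Returns (p, q) or None if this (a, r) is unlucky
    (odd r, or a**(r/2) == -1 mod n), which happens with prob <= 1/2."""
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p = gcd(y - 1, n)
    if 1 < p < n:
        return (min(p, n // p), max(p, n // p))
    return None


def shor_classical_demo(n, rng=randrange, max_tries=50):
    """Factor a small RSA-style modulus n = p*q via order finding.
    Each random base succeeds with probability >= 1/2, so max_tries
    failures are astronomically unlikely for a genuine semiprime."""
    if n % 2 == 0:
        return (2, n // 2)
    for _ in range(max_tries):
        a = rng(2, n - 1)
        g = gcd(a, n)
        if g > 1:  # lucky draw: a already shares a factor with n
            return (min(g, n // g), max(g, n // g))
        found = factor_from_order(n, a, multiplicative_order(a, n))
        if found:
            return found
    return None


if __name__ == "__main__":
    for n in (15, 21, 3233):  # 3233 = 53 * 61, a textbook toy RSA modulus
        print(n, "->", shor_classical_demo(n))
```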
Work is well under way to define Post Quantum Cryptography (PQC). The National Institute of Standards and Technology (NIST) is sponsoring a competition to find, evaluate and standardize a public-key cryptographic algorithm (or algorithms) that will stand up to the challenges posed by quantum computers.
Designers will need time to implement the chosen algorithm standard(s) in their products, and that lead time can be as much as a couple of years for new chips and devices, and up to ten years for network infrastructure and protocols. It will also take many years to upgrade and redeploy existing computing and network hardware on a broad scale.
Quantum computing is a goal being pursued across government, academia and industry with tremendous energy. To ensure that we can keep data safe, we’ll need to pursue PQC with equal vigor.